Skip to content

Add Openconextaccess to main #643

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Tyskai wants to merge 44 commits into
base: main
Choose a base branch
from
Open

Add Openconextaccess to main #643

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
44 commits
Select commit Hold shift + click to select a range
1f51ce8
Update serverapplication.yml.j2
Tyskai Jul 29, 2025
64c1a89
Added email.serviceDeskEmail placeholder
oharsta Nov 12, 2025
961ffa8
#769 Make affiliation email more configurable
Liemine Nov 17, 2025
0960373
Merge branch 'main' into feature/#769-make-scopedaffiliation-configur…
oharsta Nov 18, 2025
234b5d9
Merge remote-tracking branch 'origin/feature/#769-make-scopedaffiliat…
oharsta Nov 18, 2025
3d1f884
Fixed indentation for myconext
oharsta Nov 18, 2025
06a6381
WIP for https://github.com/OpenConext/OpenConext-attribute-aggregatio…
oharsta Nov 19, 2025
6a43eec
Merge remote-tracking branch 'origin/feature/add_eduid_acr_values' in…
oharsta Nov 20, 2025
6b68917
Fixes https://github.com/OpenConext/OpenConext-attribute-aggregation/…
oharsta Nov 20, 2025
05b0831
Fixes https://github.com/OpenConext/OpenConext-myconext/issues/757
Nov 20, 2025
c930adf
#757 Replaces hardcoded value with variable
Nov 20, 2025
14bff9a
Merge pull request #567 from OpenConext/feature/757-feature-toggle-en…
oharsta Nov 20, 2025
48bdd9a
Fixes https://github.com/OpenConext/OpenConext-myconext/issues/759 Ad…
ricardovdheijden Nov 24, 2025
f048ae3
Merge pull request #571 from OpenConext/feature/759-feature-toggle-us…
oharsta Nov 24, 2025
ec66f79
Merge branch 'main' into develop
oharsta Nov 24, 2025
cf73225
#1001 Add email addresses
Liemine Nov 25, 2025
19d0a48
Added missing attributes from feature branch
oharsta Nov 25, 2025
52528ec
Merge branch 'feature/#769-make-scopedaffiliation-configurable' into …
Liemine Nov 25, 2025
42930f8
Merge branch 'feature/#769-make-scopedaffiliation-configurable' into …
Liemine Nov 25, 2025
7f85717
Merge branch 'feature/#1001-different-email-from-for-nudges-and-warni…
Liemine Nov 25, 2025
9b0db98
Added languages for invite
oharsta Nov 26, 2025
0cafab3
Merge branch 'main' into develop
baszoetekouw Nov 26, 2025
9a481e4
Merge branch 'main' into develop
baszoetekouw Nov 26, 2025
9026265
Added missing mongodb_db variable for myconext CRON jobs
oharsta Nov 29, 2025
6a30219
#1024 Add mail-institution-batch-size to 500 and set mail-institution…
Liemine Dec 1, 2025
2456b25
Merge branch 'feature/#1024-send-institutionmailwarning-in-smaller-ba…
Liemine Dec 1, 2025
7a23f86
#802-differentiate-error_mail-configurable-for-prod-and-non-prod-develop
Liemine Dec 2, 2025
1feb140
Merge pull request #582 from OpenConext/feature/#802-differentiate-er…
Liemine Dec 2, 2025
10431c9
https://github.com/OpenConext/OpenConext-access/issues/322
oharsta Dec 2, 2025
09428ab
Merge branch 'feature/access-support-mail' into develop
oharsta Dec 2, 2025
2744db6
Merge branch 'main' into feature/open-access
oharsta Dec 5, 2025
7554335
Merge branch 'openaccess' into feature/open-access
oharsta Dec 5, 2025
118a47b
Merge branch 'feature/open-access' into develop
oharsta Dec 5, 2025
4b29f86
test2 uit serverapplication.yml.j2
Tyskai Dec 5, 2025
6c25ee4
do not show minio root ww
crosmuller Dec 5, 2025
b17b097
Add some debugging
crosmuller Dec 11, 2025
2e366f2
network variable was not used in container creation
crosmuller Dec 11, 2025
6f47902
Merge remote-tracking branch 'origin/main' into feature/open-access
Tyskai Mar 10, 2026
1829d45
Update serverapplication.yml.j2
Tyskai Mar 12, 2026
338d4d2
docker fix en stats eruit?
Mar 12, 2026
ed069e3
Update serverapplication.yml.j2 with stats variables
Tyskai Mar 12, 2026
923793e
Update serverapplication.yml.j2 voor OIDCNG
Tyskai Mar 12, 2026
0410d4a
het iig werkend maken voor test2
Mar 13, 2026
42882df
update van serviceapplication yml
Mar 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion roles/invite/templates/serverapplication.yml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,6 @@ config:
languages: "nl, en"
environment: {{ environment_shortname }}


feature:
limit-institution-admin-role-visibility: {{ invite.limit_institution_admin_role_visibility }}
enable-performance-seed: False
Expand Down
2 changes: 2 additions & 0 deletions roles/openaccess/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
---
openaccess_server_restart_policy: always
openaccess_server_restart_retries: 0
openaccess_docker_networks:
- name: loadbalancer
13 changes: 9 additions & 4 deletions roles/openaccess/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,15 @@
- serverapplication.yml
notify: restart accessserver


- name: Debug mariadb_in_docker # Show with -vv
ansible.builtin.debug:
msg: "{{ mariadb_in_docker }}"
verbosity: 2

- name: Add the MariaDB docker network to the list of networks when MariaDB runs in Docker
ansible.builtin.set_fact:
invite_docker_networks:
openaccess_docker_networks:
- name: loadbalancer
- name: openconext_mariadb
when: mariadb_in_docker | default(false) | bool
Expand All @@ -36,8 +42,7 @@
restart_policy: "{{ openaccess_server_restart_policy }}"
restart_retries: "{{ openaccess_server_restart_retries }}" # Only for restart policy on-failure
state: started
networks:
- name: "loadbalancer"
networks: "{{ openaccess_docker_networks }}"
mounts:
- source: /opt/openconext/openaccess/serverapplication.yml
target: /application.yml
Expand Down Expand Up @@ -95,4 +100,4 @@
S3_STORAGE_URL : "{{ openconextaccess.s3_storage.url }}"
S3_STORAGE_KEY : "{{ openconextaccess.s3_storage.key }}"
S3_STORAGE_SECRET : "{{ openconextaccess.s3_storage.secret }}"
S3_STORAGE_BUCKET : "{{ openconextaccess.s3_storage.bucket }}"
S3_STORAGE_BUCKET : "{{ openconextaccess.s3_storage.bucket }}"
36 changes: 18 additions & 18 deletions roles/openaccess/templates/serverapplication.yml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,17 +29,17 @@ spring:
client:
registration:
oidcng:
client-id: {{ oidc_playground.client_id }}
client-secret: {{ oidc_playground.secret }}
client-id: {{ openconextaccess.oidcng.client_id }}
client-secret: {{ openconextaccess.oidcng.secret }}
redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
authorization-grant-type: "authorization_code"
scope: openid
provider:
oidcng:
authorization-uri: "https://connect.{{ base_domain }}/oidc/authorize"
token-uri: "https://connect.{{ base_domain }}/oidc/token"
user-info-uri: "https://connect.{{ base_domain }}/oidc/userinfo"
jwk-set-uri: "https://connect.{{ base_domain }}/oidc/certs"
authorization-uri: {{ openconextaccess.oidcng.authorization_uri }}
token-uri: {{ openconextaccess.oidcng.token_uri }}
user-info-uri: {{ openconextaccess.oidcng.user_info_uri }}
jwk-set-uri: {{ openconextaccess.oidcng.jwk_set_uri }}
user-name-attribute: sub
user-info-authentication-method: client_secret_basic
jpa:
Expand All @@ -62,8 +62,8 @@ spring:
host: {{ smtp_server }}

oidcng:
discovery-url: "https://connect.test2.surfconext.nl/oidc/.well-known/openid-configuration"
introspect-url: "https://connect.test2.surfconext.nl/oidc/introspect"
discovery-url: {{ openconextaccess.oidcng.discovery_url }}
introspect-url: {{ openconextaccess.oidcng.introspect_url }}
resource-server-id: myconext.rs
resource-server-secret: secret
base-url: {{ openconextaccess_base_domain }}
Expand All @@ -90,7 +90,7 @@ config:
client-url: "https://{{ openconextaccess_base_domain }}"
base-url: "{{ base_domain }}"
edu_id_schac_home_organization: "eduid.nl"
discovery: "https://connect.test2.surfconext.nl/oidc/.well-known/openid-configuration"
discovery: "https://connect.{{ env }}.surfconext.nl/oidc/.well-known/openid-configuration"
invite: "https://invite.{{ base_domain }}"
sram: "https://{{ env }}.sram.surf.nl/"
service_desk: "https://servicedesk.surf.nl/jira/plugins/servlet/desk/user/requests?reporter=all"
Expand All @@ -105,7 +105,7 @@ config:
entityid: "https://idp.diy.surfconext.nl"
descriptionEN: "Een test-IdP met <a href='https://idp.diy.surfconext.nl/showusers.php' target='_blank'>fictieve gebruikersaccounts</a>. De metadata vind je <a href='https://idp.diy.surfconext.nl/saml2/idp/metadata.php' target='_blank'>hier</a>"
descriptionNL: "Een test-IdP met <a href='https://idp.diy.surfconext.nl/showusers.php' target='_blank'>fictieve gebruikersaccounts</a>. De metadata vind je <a href='https://idp.diy.surfconext.nl/saml2/idp/metadata.php' target='_blank'>hier</a>"
idp_proxy_meta_data: https://metadata.test2.surfconext.nl/idp-metadata.xml
idp_proxy_meta_data: {{ openconextaccess.idp_proxy_meta_data }}
minimal_stepup_acr_level: "http://{{ base_domain }}/assurance/loa2"
features:
- name: idp
Expand All @@ -121,7 +121,7 @@ config:
- "{{ loa }}"
{% endfor %}

eduid-idp-entity-id: "https://login.{{ myconext_base_domain }}"
eduid-idp-entity-id: {{ openconextaccess.eduid_idp_entity_id }}

super-admin:
users:
Expand Down Expand Up @@ -166,19 +166,19 @@ invite:
user: {{ invite.access_user }}
password: "{{ invite.access_secret }}"

# Todo relace with openconextaccess user
statistics:
enabled: True
url: {{ dashboard.stats_url }}
user: {{ dashboard.stats_user }}
password: {{ stats_dashboard_api_password }}

s3storage:
url: {{ openconextaccess.s3_storage.url }}
key: {{ openconextaccess.s3_storage.key }}
secret: {{ openconextaccess.s3_storage.secret }}
bucket: {{ openconextaccess.s3_storage.bucket }}

statistics:
enabled: {{ openconextaccess.statistics.enabled }}
url: {{ openconextaccess.statistics.url }}
user: {{ openconextaccess.statistics.user }}
password: {{ openconextaccess.statistics.password }}


management:
health:
mail:
Expand Down